Security Basics mailing list archives

RE: MSN virus

From: "Lozano, Renato" <renato.lozano () moneris com>
Date: Thu, 4 Feb 2010 14:02:38 -0500


Hi All, 

I have received two e-mails from friends that have hotmail accounts with
no subject and only the following links :

http://sites.google.com/site/dfysdu6as/vlmg8c   
http://sites.google.com/site/jksu78guo/mkkf1o

I contacted them and they did not send the e-mail.  



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Todd Haverkos
Sent: Thursday, February 04, 2010 12:49 PM
To: xiandu () latech edu
Cc: security-basics
Subject: Re: MSN virus

xiandu () latech edu writes:

Hi,

My MSN contacts told me that they obtained a message from me to go to
website although I was not on MSN. I hear it is virus and have no idea
about the nature and removal methods. Could any experts help?

thanks
xian

Hi Xian,

I don't feel expert at this specific issue by any stretch, but a
friend of mine who is a hotmail user also recently had a hotmail
account compromised in what sounds like a similar fashion. She found
out through friends since all her hotmail contacts had received a
message from her account saying she was out of the country, in
trouble, and needed money. Her account had the password changed and
she was locked out. I think similar things have targetted facebook
users.

I wasn't able to determine the root cause of her compromise. It
didn't seem to be malware on her home computer, or a laptop she'd
used, but a relative's computer may have been involved (which wasn't
available for analysis).

She vaguely recalled clicking on an attachment or URL in her email
while using the relative's computer that roused her suspicion, but
that incident preceded the emails went out to all contacts and the
password getting changed by a day or two.

The good news is that Microsoft was able to get her control of her
account again--it took a few days. There was some help link on
hotmail where she could report a hijacked account.

I'm not sure if the thing she clicked on 2 days before the mail went
out _was_ the attack, or if it was an attack on password reset
questions, or brute forcing of bad passwords, malware keylogging
passwords on compromised machines, or some web application based
vulnerability in msn or hotmail themselves... but I'm curious of
others experience of similar issues.

--
Todd Haverkos, LPT MsCompE
http://haverkos.com/

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an
SSL certificate. We look at how SSL works, how it benefits your company
and how your customers can tell if a site is secure. You will find out
how to test, purchase, install and use a thawte Digital Certificate on
your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

______________________________________________________________________
This e-mail may be privileged and/or confidential, and the sender does
not waive any related rights and obligations.Any distribution, use or
copying of this e-mail or the information it contains by other than an
intended recipient is unauthorized.If you received this e-mail in error,
please advise me (by return e-mail or otherwise) immediately.

______________________________________________________________________
This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations.Any
distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is
unauthorized.If you received this e-mail in error, please advise me (by return e-mail or otherwise) immediately.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

MSN virus xiandu (Feb 04)
- Re: MSN virus Henri Salo (Feb 04)
  - Re: MSN virus Ramki B Ramakrishnan (Feb 05)
- Re: MSN virus Todd Haverkos (Feb 04)
  - RE: MSN virus Lozano, Renato (Feb 05)
  - Re: MSN virus xiandu (Feb 05)
  - Re: MSN virus xiandu (Feb 05)
    - Re: MSN virus Todd Haverkos (Feb 08)
- <Possible follow-ups>
- Re: Re: MSN virus taser3000 (Feb 05)